summaryrefslogtreecommitdiffstats
path: root/module/database/UserDatabase.py
diff options
context:
space:
mode:
Diffstat (limited to 'module/database/UserDatabase.py')
-rw-r--r--module/database/UserDatabase.py34
1 files changed, 26 insertions, 8 deletions
diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py
index a69dfff0e..6137581ed 100644
--- a/module/database/UserDatabase.py
+++ b/module/database/UserDatabase.py
@@ -22,20 +22,36 @@ from DatabaseBackend import style
from hashlib import sha1
import random
+class PERMS:
+ ADD = 1 # can add packages
+ DELETE = 2 # can delete packages
+ STATUS = 4 # see and change server status
+ SEE_DOWNLOADS = 16 # see queue and collector
+ DOWNLOAD = 32 # can download from webinterface
+ SETTINGS = 64 # can access settings
+
+class ROLE:
+ ADMIN = 0 #admin has all permissions implicit
+ USER = 1
+
+def has_permission(current, perms):
+ # bytewise or perms before if needed
+ return current == (current & perms)
+
class UserMethods():
@style.queue
def checkAuth(db, user, password):
c = db.c
- c.execute('SELECT name, password, role, permission, template FROM "users" WHERE name=?', (user, ))
+ c.execute('SELECT id, name, password, role, permission, template FROM "users" WHERE name=?', (user, ))
r = c.fetchone()
if not r:
return {}
- salt = r[1][:5]
- pw = r[1][5:]
+ salt = r[2][:5]
+ pw = r[2][5:]
h = sha1(salt + password)
if h.hexdigest() == pw:
- return {"name": r[0], "role": r[2], "permission": r[3], "template": r[4]}
+ return {"id": r[0], "name": r[1], "role": r[3], "permission": r[4], "template": r[5]}
else:
return {}
@@ -51,6 +67,11 @@ class UserMethods():
c.execute('UPDATE users SET password=? WHERE name=?', (password, user))
else:
c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password))
+
+
+ @style.queue
+ def setPermission(db, userid, perms):
+ db.c.execute("UPDATE users SET permission=? WHERE id=?", (perms, userid))
@style.queue
def listUsers(db):
@@ -63,10 +84,7 @@ class UserMethods():
@style.queue
def removeUser(db, user):
- c = db.c
- c.execute('SELECT name FROM users WHERE name=?', (user, ))
- if c.fetchone() is not None:
- c.execute('DELETE FROM users WHERE name=?', (user, ))
+ c.execute('DELETE FROM users WHERE name=?', (user, ))
DatabaseBackend.registerSub(UserMethods)